Individuals and groups, including businesses, often create or possess information that they do not wish to share with others. The owners of such sensitive data may find it difficult to keep that data confidential or internal for a variety of reasons, among them technological advances such as high-speed Internet access, smart mobile devices, portable storage devices, and third-party storage services, each of which lowers the effort required to move data beyond the owner's control.
Data may leak from its original owner in a variety of ways. For example, an employee within a business may leak data inadvertently, either because the employee is unaware of a policy against sharing data or because the employee is unaware that his/her actions may cause a violation of such a policy. An employee or other person may also leak data intentionally, including for retribution or for personal gain.
Some owners of data have responded to the problem of data leaks by implementing data loss prevention (DLP) systems. Conventional DLP systems are typically data-centric; that is, they focus on determining whether a particular item of data is sensitive and, if the data is sensitive, enforcing a policy to ensure that the data is not leaked. Data-centric DLP systems typically execute in either a blocking mode, which prevents interactions with sensitive data, or a monitoring mode, which merely monitors interactions with sensitive data.
Unfortunately, the data-centric approach used by many conventional DLP systems may suffer from a number of limitations and deficiencies. For example, if a business chooses to operate its DLP system in a blocking mode, the workflows of its employees may be constantly interrupted by DLP errors or notifications, even when those employees are accessing sensitive data in an appropriate manner. If, instead, the business operates its DLP system in a monitoring mode, data loss or policy non-compliance may result, since inappropriate interactions with sensitive data are merely recorded rather than blocked. In addition, while conventional DLP systems may enable a business to whitelist entire applications to indicate which applications are allowed to access sensitive data, interactions by a whitelisted application are typically no longer monitored at all, so the business loses visibility into the flow of sensitive data through that application. As such, the instant disclosure identifies a need for improved systems and methods for managing data loss prevention policies.
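The following is an added example, not code from the disclosure, that models the conventional data-centric behaviour described above so the trade-offs can be seen concretely: a classifier decides whether content is sensitive (here a Luhn-checked payment-card number, a common DLP rule), a policy then either blocks or merely monitors, and a whitelisted application bypasses both enforcement and logging. A second, hypothetical variant (`AuditingWhitelistDLP`) shows one way the visibility gap could be closed by continuing to log whitelisted access; it illustrates the gap, and is not the method of the disclosure. All class and function names, and the sample events, are constructed for this example; the card number is the widely used `4111 1111 1111 1111` test value.

```python
from __future__ import annotations

import re
from dataclasses import dataclass, field
from enum import Enum


class Mode(Enum):
    BLOCK = "block"      # prevent the interaction and record it
    MONITOR = "monitor"  # allow the interaction but record it


def luhn_valid(digits: str) -> bool:
    """Standard Luhn checksum: doubles every second digit from the right."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


# 13 to 16 digits, optionally separated by single spaces or hyphens.
PAN_RE = re.compile(r"\b\d(?:[ -]?\d){12,15}\b")


def is_sensitive(content: str) -> bool:
    """Data-centric classification: content is sensitive if it carries a
    Luhn-valid card number. Plain order or phone numbers normally fail Luhn."""
    for m in PAN_RE.finditer(content):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_valid(digits):
            return True
    return False


@dataclass
class Policy:
    mode: Mode
    whitelisted_apps: set[str] = field(default_factory=set)


@dataclass
class Decision:
    allowed: bool
    logged: bool


class ConventionalDLP:
    """Data-centric DLP as described in the text: whitelisted applications are
    neither enforced against nor monitored, which is the visibility gap."""

    def __init__(self, policy: Policy) -> None:
        self.policy = policy
        self.audit_log: list[tuple[str, str]] = []

    def evaluate(self, app: str, action: str, content: str) -> Decision:
        if app in self.policy.whitelisted_apps:
            return Decision(allowed=True, logged=False)  # no record is kept
        if not is_sensitive(content):
            return Decision(allowed=True, logged=False)
        self.audit_log.append((app, action))
        if self.policy.mode is Mode.BLOCK:
            return Decision(allowed=False, logged=True)
        return Decision(allowed=True, logged=True)


class AuditingWhitelistDLP(ConventionalDLP):
    """Hypothetical variant (assumption, not the disclosure's method): a
    whitelisted application is still allowed through, but sensitive-data
    interactions are recorded so the flow remains visible."""

    def evaluate(self, app: str, action: str, content: str) -> Decision:
        if app in self.policy.whitelisted_apps and is_sensitive(content):
            self.audit_log.append((app, action))
            return Decision(allowed=True, logged=True)
        return super().evaluate(app, action, content)


# Constructed sample events: (application, action, content).
EVENTS = [
    ("mail-client", "send", "Customer card 4111 1111 1111 1111 exp 12/29"),
    ("mail-client", "send", "Order 1234 5678 9012 3456 has shipped"),
    ("backup-agent", "upload", "Customer card 4111-1111-1111-1111"),
]


def run_scenarios() -> dict[str, list[Decision]]:
    """Runs the same events through each mode and the auditing variant."""
    results: dict[str, list[Decision]] = {}
    allow = {"backup-agent"}
    for name, dlp in (
        ("block", ConventionalDLP(Policy(Mode.BLOCK, allow))),
        ("monitor", ConventionalDLP(Policy(Mode.MONITOR, allow))),
        ("audit-whitelist", AuditingWhitelistDLP(Policy(Mode.MONITOR, allow))),
    ):
        results[name] = [dlp.evaluate(*event) for event in EVENTS]
        results[name + "-log-size"] = len(dlp.audit_log)  # type: ignore[assignment]
    return results


if __name__ == "__main__":
    for key, value in run_scenarios().items():
        print(key, value)
```

In the `block` run the first event is refused and the benign order number passes, which is the workflow-interruption trade-off; in `monitor` everything passes but is recorded; in both, the whitelisted `backup-agent` upload of the same card number leaves no trace, and only the auditing variant records it.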